From d250801fcf27ff08e9ac6ad51b081d7be8f894cf Mon Sep 17 00:00:00 2001 From: Domenico Francesco Bruscino Date: Thu, 21 Jul 2022 11:51:04 +0200 Subject: [PATCH] ARTEMIS-3900 Support management allowlist entries with wildcard domain --- .../management/JMXAccessControlList.java | 5 ++++ .../management/JMXAccessControlListTest.java | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java index 6b8ae9417a..979d2a2abb 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java @@ -83,6 +83,11 @@ public class JMXAccessControlList { public boolean isInAllowList(ObjectName objectName) { TreeMap domainMap = allowList.get(objectName.getDomain()); + + if (domainMap == null) { + domainMap = allowList.get(WILDCARD); + } + if (domainMap != null) { if (domainMap.containsKey("")) { return true; diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java index 4849bfb481..f1e4ea9431 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java @@ -60,6 +60,30 @@ public class JMXAccessControlListTest { Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:type=foo"))); } + @Test + public void testWildcardDomain() throws MalformedObjectNameException { + JMXAccessControlList controlList = new JMXAccessControlList(); + controlList.addToAllowList("*", null); + Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:*"))); + Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain.foo:*"))); + } + + @Test + public void testWildcardDomainWithProperty() throws MalformedObjectNameException { + JMXAccessControlList controlList = new JMXAccessControlList(); + controlList.addToAllowList("*", "type=foo"); + controlList.addToAllowList("org.myDomain.foo", "type=bar"); + Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain:*"))); + Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.foo:*"))); + Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain.foo:type=bar"))); + Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.foo:type=foo"))); + Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain.bar:*"))); + Assert.assertFalse(controlList.isInAllowList(new ObjectName("org.myDomain:subType=foo"))); + + Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:type=foo"))); + Assert.assertTrue(controlList.isInAllowList(new ObjectName("org.myDomain:subType=bar,type=foo"))); + } + @Test public void testBasicRole() throws MalformedObjectNameException { JMXAccessControlList controlList = new JMXAccessControlList();